Joe Security Joe Lab

Joe Lab is a cloud-based malware analysis lab that provides dedicated, bare-metal (physical) machines for manual malware analysis and security testing. Unlike traditional on-premises labs, Joe Lab runs entirely within Joe Security's cloud infrastructure, eliminating the need for organizations to purchase hardware, configure isolated networks, or maintain physical equipment. Lab machines run Windows 10/11 x64 and are accessible 24x7 via a web-based VNC interface (mouse and keyboard) and a web-based file system browser, allowing full root access including file upload and download. Machines are bare-metal rather than virtual, making them resilient to VM-aware malware. Each lab machine is connected through an anonymized Internet connection with configurable exit points across 23+ countries, useful for analyzing country-aware malware. Alternatively, Internet simulation mode can be enabled to prevent malware from communicating with external infrastructure or revealing that the sample has been caught. Analysts can capture full network traffic in PCAP format and take screenshots at regular intervals, both stored off the machine. Lab machines can be restored to a known-good state with a single click, and two additional machine states can be saved and restored as needed. A RESTful Web API is available for automating tasks such as file access, machine restoration, and PCAP capture, with example Python scripts provided. Joe Lab is intended for SOC, CERT, CIRT teams and individual malware analysts who need a safe, isolated environment for activities such as executing suspicious files, developing and testing detections (YARA, Sigma), exploit analysis, long-term malware observation, and phishing/endpoint stack testing.